Backdoor.Win32.Androm.ozny malicious file

Backdoor.Win32.Androm.ozny is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Androm.ozny virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Explorer.exe process established HTTP connections
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Harvests cookies for information gathering

How to identify Backdoor.Win32.Androm.ozny?

File Info:

name: 6547AB28C9CB03607608.mlw
path: /opt/CAPEv2/storage/binaries/03d3323e5bf695dacc0ab5089a0eeffb6bebffe1ca5ada65ffea1ab7012f1675
crc32: 44DD2234
md5: 6547ab28c9cb036076088197969fbf7c
sha1: b5538d46c3c8c432fe2dd424239664310307659e
sha256: 03d3323e5bf695dacc0ab5089a0eeffb6bebffe1ca5ada65ffea1ab7012f1675
sha512: 40e008000d961af777fc13011cc80c0930d1a86dc33931796dc99be7f03dbfe7abc67b36ef31d3c722af7b5335f41effc4bb24b67d8d3c28a871c3d90b3b560d
ssdeep: 24576:mfnXGbLWtDNynOKa2Ew2e95J+TzHyST9LNBYIdHDJVVU+ttK6S1WeaHkW:mvGbCx8ba2Jqf39xHDJVVu1WVHkW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B75F126F598F16AE48FE4FE174A17BD06F056B39E6D7453DB82122926F02F130A8C1D
sha3_384: d0c55d6e910e4beb3171ee5e0f636fe7775dd2663e5450bf905e5638e38a8b21af76703a0f1c7be474676a4e959804c6
ep_bytes: 68fc925500e8f0ffffff000000000000
timestamp: 2018-02-04 14:47:57

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Itibiti Inc.
ProductName: Desire7
FileVersion: 4.02.0007
ProductVersion: 4.02.0007
InternalName: Oxide
OriginalFilename: Oxide.exe

Backdoor.Win32.Androm.ozny also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Androm.m!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader26.11639
MicroWorld-eScan: Gen:Heur.PonyStealer.Fn0@dKmIYaji
FireEye: Generic.mg.6547ab28c9cb0360
McAfee: Fareit-FMP!6547AB28C9CB
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Backdoor:Win32/Generic.7a64a347
K7GW: Trojan-Downloader ( 004f875e1 )
K7AntiVirus: Trojan-Downloader ( 004f875e1 )
BitDefenderTheta: Gen:NN.ZevbaF.34182.Fn0@aKmIYaji
VirIT: Trojan.Win32.VBPack_Heur
Symantec: Trojan.Smoaler
ESET-NOD32: Win32/Smokeloader.A
TrendMicro-HouseCall: TSPY_HPFAREIT.SM2
Paloalto: generic.ml
ClamAV: Win.Dropper.HawkEye-7984930-0
Kaspersky: Backdoor.Win32.Androm.ozny
BitDefender: Gen:Heur.PonyStealer.Fn0@dKmIYaji
NANO-Antivirus: Trojan.Win32.Zurgop.fgswzl
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.114ce686
Ad-Aware: Gen:Heur.PonyStealer.Fn0@dKmIYaji
Emsisoft: Gen:Heur.PonyStealer.Fn0@dKmIYaji (B)
Comodo: Malware@#3p0me93zxcgr6
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_HPFAREIT.SM2
McAfee-GW-Edition: BehavesLike.Win32.Fareit.tc
Sophos: Mal/Generic-R + Troj/DwnLdr-VCY
Ikarus: Trojan-Downloader.Win32.Zurgop
GData: Gen:Heur.PonyStealer.Fn0@dKmIYaji
Jiangmin: Backdoor.Androm.wrm
Webroot: W32.Trojan.GenKD
Avira: HEUR/AGEN.1141375
Antiy-AVL: Trojan/Generic.ASMalwS.245725D
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.PonyStealer.E59B62
ZoneAlarm: Backdoor.Win32.Androm.ozny
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrand.Gen
VBA32: Backdoor.Androm
ALYac: Gen:Heur.PonyStealer.Fn0@dKmIYaji
MAX: malware (ai score=100)
Malwarebytes: Trojan.Injector.VB
APEX: Malicious
Rising: Backdoor.Androm!8.113 (CLOUD)
Yandex: Backdoor.Androm!oSorPrPGTnc
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GuLoader.VHJC!tr
AVG: Win32:Malware-gen
Cybereason: malicious.8c9cb0
Panda: Trj/GdSda.A

How to remove Backdoor.Win32.Androm.ozny?

Backdoor.Win32.Androm.ozny removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.